Next to the mandatory policies, procedures and records, there are 4 Mandatory Documents that need to be available and ready for the external audit certification: Management Review, Internal Audit Report, Scope of ISMS and Statement of Applicability
Preparing Management Review is automated in Compleye Online, read on Management Review section step by step how and what to do.
 Internal Audit
Internal Audit is done by a third party and the final report is uploaded to the Internal Audit section of the Compleye Online together with the findings and approvals. Internal Audit procedure needs to be followed and documented as part of the mandatory Policies and Procedures, we have a template for Internal Audit Procedures provided to you under the section Templates.
 Scope of ISMS
The main purpose of setting the ISMS (information security management system) scope is to define which information you intend to protect. Carefully define the scope as auditor will check if all the elements of the ISMS work well within your scope; he won’t check the components that are not included in your scope.
It is very relevant document because it describes how you will implement your information security. Statement of Applicability shows which of the suggested 114 controls (security measures) from ISO27001 Annex A are applicable to your ISMS and how you have implemented them. You can use SoA template to create the overview and map the controls with evidence for applicable and implemented controls.